Step 1: Install containerd
Download the prebuilt containerd binary archive from https://github.com/containerd/containerd/releases and extract it to /usr/local with the following command:
$ tar Cxzvf /usr/local containerd-2.0.0-rc.3-linux-amd64.tar.gz
bin/
bin/containerd-shim-runc-v2
bin/containerd-shim
bin/ctr
bin/containerd-shim-runc-v1
bin/containerd
bin/containerd-stress
Systemd setup
Download containerd.service from https://github.com/containerd/containerd/blob/main/containerd.service to /usr/local/lib/systemd/system/containerd.service, then enable it:
systemctl daemon-reload
systemctl enable --now containerd
Step 2: Install runc
Download runc from https://github.com/opencontainers/runc/releases and install it into the /usr/local/sbin/ directory:
$ install -m 755 runc.amd64 /usr/local/sbin/runc
Step 3: Install the CNI plugins
Download the CNI plugins from https://github.com/containernetworking/plugins/releases and install them under /opt/cni/:
$ mkdir -p /opt/cni/bin
$ tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.5.1.tgz
./
./macvlan
./static
./vlan
./portmap
./host-local
./vrf
./bridge
./tuning
./firewall
./host-device
./sbr
./loopback
./dhcp
./ptp
./ipvlan
./bandwidth
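Step 4: Generate the configuration
The containerd configuration file is /etc/containerd/config.toml. It does not exist by default; generate a default configuration with the following command.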
containerd config default > /etc/containerd/config.toml
Step 5: Configure the systemd cgroup driver
To use runc's systemd cgroup driver, set the following in /etc/containerd/config.toml:
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
...
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
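Step 6: Override the sandbox (pause) image
From within mainland China you normally cannot pull the registry.k8s.io/pause:3.8 image. This image is the base of every pod, so either import it manually or switch to an image hosted on a registry reachable from China. Override the default sandbox image with the following setting: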
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "kubebiz/pause:3.8"
Step 7: Restart containerd
Finally, restart the service:
sudo systemctl restart containerd
Check whether it started successfully with systemctl status containerd.
If it reports an error, view the error messages with:
journalctl -xeu containerd
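Other: multi-node installation
When you have several nodes, running the steps on each one in turn wastes time. The script below syncs everything to the other nodes in one batch.
It assumes that the packages and configuration from the installation steps above are in the /k8s/cri/ directory.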
# ls /k8s/cri/
cni-plugins-linux-amd64-v1.3.0.tgz
containerd-1.7.1-linux-amd64.tar.gz
containerd.service
runc.amd64
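Added example, not part of the original page: the packages in /k8s/cri/ are extracted and installed as root on every node, so one way to gate the sync is to check them against SHA-256 values first. It assumes a manifest named SHA256SUMS (a hypothetical name) inside /k8s/cri/, in sha256sum format, that the operator fills in from the checksums published with each release; verify_bundle is likewise a name chosen for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): gate the node sync on a
# SHA-256 manifest. Assumed layout: DIR holds the packages plus a manifest
# named SHA256SUMS (hypothetical name) in sha256sum format, "<hash>  <file>".

# verify_bundle DIR [MANIFEST_NAME]
# Returns 0 only if every listed file matches its hash AND no regular file
# in DIR is missing from the manifest. Returns 2 if there is no manifest.
verify_bundle() {
    local dir="$1" manifest="${2:-SHA256SUMS}" f name rc=0

    [ -r "$dir/$manifest" ] || { echo "no manifest: $dir/$manifest" >&2; return 2; }

    # 1. Listed files: a wrong hash, a missing file or a malformed line fails.
    ( cd "$dir" && sha256sum --check --strict --quiet "$manifest" ) || rc=1

    # 2. Unlisted files: anything the manifest does not name is rejected, so
    #    an unverified archive cannot be copied along with the verified ones.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        [ "$name" = "$manifest" ] && continue
        if ! awk -v n="$name" '{ sub(/^\*/, "", $2) } $2 == n { ok = 1 } END { exit !ok }' \
                "$dir/$manifest"; then
            echo "UNLISTED $name" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Usage before the sync loop (directory as assumed on this page):
#   verify_bundle /k8s/cri || { echo "refusing to sync" >&2; exit 1; }
```

Files without a published checksum, such as containerd.service, still need a manifest line, recorded after the file has been reviewed.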
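Batch execution:
Note: if passwordless SSH authentication is set up, you will not be prompted for a password. For setup, see: Passwordless SSH login to other nodes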
# Nodes to sync to
export NODE_IPS=(m1 m2 m3 n1 n2)
for node_ip in "${NODE_IPS[@]}"
do
    echo ">>> ${node_ip}"
    # Create the package directory on the target node before copying into it
    ssh root@${node_ip} "mkdir -p /k8s/cri"
    # Step 1 (file names match the /k8s/cri/ listing above)
    scp /k8s/cri/containerd-1.7.1-linux-amd64.tar.gz root@${node_ip}:/k8s/cri/
    ssh root@${node_ip} "tar Cxzvf /usr/local /k8s/cri/containerd-1.7.1-linux-amd64.tar.gz"
    ssh root@${node_ip} "mkdir -p /usr/local/lib/systemd/system/"
    scp /k8s/cri/containerd.service root@${node_ip}:/usr/local/lib/systemd/system/
    ssh root@${node_ip} "systemctl daemon-reload && systemctl enable --now containerd"
    # Step 2
    scp /k8s/cri/runc.amd64 root@${node_ip}:/k8s/cri/
    ssh root@${node_ip} "install -m 755 /k8s/cri/runc.amd64 /usr/local/sbin/runc"
    # Step 3
    scp /k8s/cri/cni-plugins-linux-amd64-v1.3.0.tgz root@${node_ip}:/k8s/cri/
    ssh root@${node_ip} "mkdir -p /opt/cni/bin && tar Cxzvf /opt/cni/bin /k8s/cri/cni-plugins-linux-amd64-v1.3.0.tgz"
    # Steps 4, 5 and 6: copy the configuration prepared on this node
    ssh root@${node_ip} "mkdir -p /etc/containerd"
    scp /etc/containerd/config.toml root@${node_ip}:/etc/containerd/
    # Step 7: restart containerd
    ssh root@${node_ip} "sudo systemctl restart containerd"
    # Verify
    ssh root@${node_ip} "systemctl status containerd|grep Active"
done
Check the containerd status on all nodes in one batch:
export NODE_IPS=(m1 m2 m3 n1 n2)
for node_ip in "${NODE_IPS[@]}"
do
    echo ">>> ${node_ip}"
    ssh root@${node_ip} "systemctl status containerd|grep Active"
done